Abstract. A non-deterministic call-by-need lambda-calculus $\lambda_{ndlr}$ with
case, constructors, letrec and a (non-deterministic) erratic choice, based 
on rewriting rules is investigated. A standard reduction is defined as 
a variant of left-most outermost reduction. The semantics is defined by 
contextual equivalence of expressions instead of using $\alpha\beta(\eta)$-equivalence.
It is shown that several program transformations are correct, for example 
all (deterministic) rules of the calculus, and in addition the rules for 
garbage collection, removing indirections and unique copy. 
This shows that the combination of a context lemma and a meta- 
rewriting on reductions using complete sets of commuting (forking, resp.) 
diagrams is a useful and successful method for providing a semantics of 
a functional programming language and proving correctness of program 
transformations. 



1 Introduction 

Functional programming languages are based on extended lambda calculi and 
the corresponding rewrite semantics. There are several methods of giving these 
languages a semantics and proving the correctness of program transformations: 

— A denotational semantics uses a mathematical domain and a mapping from 
expressions to their denotation. This defines an equivalence of expressions, 
which can be used to define a notion of correctness of program transforma- 
tions. This area is well-developed, but reaches its limits if non-deterministic 
operations are possible in the language. 

— An operational semantics defining the evaluation of expressions (the execu- 
tion, resp.). Sometimes this is used with a kind of syntactic equality (e.g. 
$\alpha\beta(\eta)$-equality in the lambda-calculus). It could also be complemented by a
behavioral equivalence, which can be used to define a notion of correctness
of program transformation.

— A contextual semantics is a kind of operational semantics as above enhanced 
with an approximation relation based on a contextual preordering (see e.g.
[Smi92, MST96, Pit97]). An expression s has less information than an
expression t, iff in all contexts C[], if C[s] gives some information (e.g.
terminates), then C[t] also gives some information (i.e. terminates). This
notion is directly adapted to define a notion of correctness of program
transformation.
Often it gives the intuitive correct notion of program equivalence, and hence 
also of correct program transformations. 

The advantage of the contextual semantics is that the number of equality rela- 
tions is maximal and that the derived properties are independent of a specific 
domain. The properties of the contextual preorder are comparable to the or- 
derings in domains; for example it is possible to use fixed-point constructions 
for recursion. The contextual semantics is superior to the more syntax-oriented 
$\alpha\beta(\eta)$-equivalence, since contextual semantics permits considerably more
program transformations.

An advantage of contextual semantics over the denotational approach becomes 
obvious if non-determinism is on board and also sharing in the form of a (non- 
recursive or recursive) let. It appears to be very hard to construct a useful do- 
main for denotational semantics in the presence of non-determinism and higher- 
order functions, whereas it is possible to use the contextual equivalence for defin- 
ing an intuitive correct semantics. This can then be used to prove correctness 
of program transformations sometimes exploiting rewriting techniques. A slight 
disadvantage of the contextual semantics (w.r.t. economy of proofs) is that it 
depends on the available syntactic constructs, hence on the set of contexts, and 
the defined standard reduction. 

The prominent syntactic property of the lambda-calculus is confluence of
reduction [Bar84]. In the framework of a contextual semantics for the
lambda-calculus (see e.g. [Abr90]), confluence is not that important and is
replaced by the correctness of program transformations. The really interesting
propositions are:

— Every beta-reduction transforms a program P into an equivalent one P', 
meaning that P and P' are contextually equivalent. This is the required 
modification of confluence. 

— (standardization) Whenever there is a reduction of an expression t to an 
abstraction, then the standard reduction terminates, i.e. reduces t to an 
abstraction. 

These properties can be generalized to extended lambda-calculi, where
confluence may be false (see e.g. [AK94]), but contextual equivalence can be
easily adapted.



Another approach is Rewriting Logic (see e.g. [Mes00]), which is a step in the
direction of providing a semantics for programming languages based on rewrit- 
ing rules. This appears to work for deterministic languages based on rewriting 
rules. However, the contextual semantics is our method of choice for the non- 
deterministic case. 

In this paper we present the calculus $\lambda_{ndlr}$ that is rather close to a
non-strict functional core language. Reduction is like lazy call-by-need
evaluation in functional programming languages. $\lambda_{ndlr}$ can be seen as a
generalization of the calculus in [KSS98, Kut00] and thus of the calculi in
[AFM+95, AF97, MOW98], which treat sharing in the lambda calculus. It also is a
generalisation of [MSC99] insofar as the language of expressions is not
restricted to have only variables as arguments in applications. The calculus
$\lambda_{ndlr}$ is related to the calculus in [S00], where a similar language is
investigated, but with the emphasis on an IO-interface.

Another method for treating sharing is explicit substitutions [ACCL91], which
optimize resource usage of reductions by exploiting sharing; however, it is i)
based on $\alpha\beta(\eta)$-equivalence and ii) the reduction rules are in general
not compatible with non-determinism, i.e. not with $\lambda_{ndlr}$ nor with the
calculus in [Kut00]; in particular, the let-over-lambda-rules are incompatible
with non-determinism.
Specific ingredients of $\lambda_{ndlr}$ are

— sharing by using letrec, which moreover allows recursive definitions. 

— a non-deterministic (erratic) choice, which allows to choose between two 
expressions. 

— a modified beta-reduction that prevents an unwanted duplication of non- 
deterministic expressions. 

The motivation to investigate non-determinism is to model interfaces of lazy 
functional languages to the outside world, i.e. to model input/output. This is 
done by a simulation of an IO-action by a nested choice-expression that
represents the set of possible input values of the IO.

The paper proposes to investigate extended lambda-calculi by using operational 
methods and a contextual semantics. The contextual semantics includes a mea- 
sure for the number of non-deterministic steps. As a method for proving program 
transformation to be correct we propose to use complete sets of reduction dia- 
grams in combination with an appropriate context lemma. 

The results are that for $\lambda_{ndlr}$ a rather large set of basic program
transformations is proved to be correct. The paper also demonstrates the power
of the method, since the reduction rules of $\lambda_{ndlr}$ are numerous and
complex.

As a check-program for complete sets, a program "Jonah" was implemented to
automatically test the complete reduction diagrams using a generate-and-test
scheme; Jonah can also be used to compute proposals for complete sets.

As a remaining open problem the paper can be seen as a recommendation to
start an investigation into adapting the Knuth-Bendix method to automatically
computing the reduction diagrams. However, the reduction diagrams for (llet)
for example show that it would be necessary to integrate a kind of
meta-description like the Kleene-*.

In this paper we do not present all proofs, but give enough hints and evidence 
of how the claims can be verified and that they are valid. 



2 The calculus $\lambda_{ndlr}$

The syntax of the language is as follows: 

There is a set of type-names. For every type there are constructors c coming with 
an arity ar(c). This partitions the set of all constructors into the constructors 
belonging to different types. For a type $A$, $|A|$ is defined to be the number of
constructors belonging to $A$. The constructors belonging to type $A$ are indexed,
and $c_{A,i}$ denotes the $i$-th constructor of type $A$.

$$\begin{array}{rcl}
E & ::= & V \mid C \mid (\mathtt{choice}\ s\ t) \mid (\mathtt{case}_A\ E\ Alt_1 \ldots Alt_{|A|}) \mid (E_1\ E_2) \\
  & \mid & (\lambda V.E) \mid (\mathtt{letrec}\ V_1 = E_1, \ldots, V_n = E_n\ \mathtt{in}\ E) \\
Alt & ::= & (Pat \to E) \\
Pat & ::= & c\ V_1 \ldots V_{ar(c)}
\end{array}$$

where $E, E_i$ are expressions, $A$ is a type, $V, V_i$ are variables, and $C$ is a
constructor. The variables in a pattern $Pat$ must be different, and also new ones.
Moreover, in a $\mathtt{case}_A$-expression, there is exactly one alternative with a
pattern of the form $(c_{A,i}\ y_1 \ldots y_n)$ for every constructor $c_{A,i}$. The
constants $\mathtt{case}_A$ and choice can only occur in a special syntactic
construction. Thus expressions where choice or $\mathtt{case}_A$ is applied to a
wrong number of arguments are not allowed.

The structure letrec obeys the following conditions: The variables in the
bindings are all distinct. We also assume that the bindings in letrec are
commutative, i.e. can be commuted without syntactic change. letrec is recursive,
i.e. the scope of $x_i$ in $(\mathtt{letrec}\ x_i = E_i\ \mathtt{in}\ E)$ is $E_i, E$.
This allows us to define closed and open expressions and $\alpha$-renamings. For
simplicity we use the disjoint variable convention, i.e., all bound variables in
expressions are assumed to be disjoint. The reduction rules are such that the
bound variables in the result are also made distinct by $\alpha$-renaming. We also
use the convention to omit parentheses in denoting expressions:
$(s_1 \ldots s_n)$ denotes $(\ldots(s_1\ s_2) \ldots s_n)$.

We say that an expression of the form $(c\ t_1 \ldots t_n)$ is a constructor
application, if $n \le ar(c)$. A constructor application of the form
$(c\ x_1 \ldots x_n)$ is called a pure constructor application. An expression of
the form $(c\ t_1 \ldots t_{ar(c)})$ is called a saturated constructor application.

Definition 2.1. Let $R, R^-$ be context classes defined as follows:

$$\begin{array}{rcl}
R^- & ::= & [\,] \mid R^-\ E \mid (\mathtt{case}_A\ R^-\ alts) \\
R & ::= & R^- \mid (\mathtt{letrec}\ x_1 = E_1, \ldots, x_n = E_n\ \mathtt{in}\ R^-) \\
  & \mid & (\mathtt{letrec}\ x_1 = R_1^-[\cdot], x_2 = R_2^-[x_1], \ldots, x_j = R_j^-[x_{j-1}], \ldots\ \mathtt{in}\ R^-[x_j])
\end{array}$$

where $R_j^-$ is a context of class $R^-$.

$R$ is called a reduction context and $R^-$ is called a weak reduction context.
For a term $t$ with $t = R^-[t_0]$, we say $R^-$ is maximal, iff there is no larger
weak reduction context with this property. For a term $t$ with $t = R[t_0]$, we
say the reduction context $R$ is maximal, iff it is either a maximal weak
reduction context, or of the form
$(\mathtt{letrec}\ x_1 = R_1^-[\cdot], x_2 = R_2^-[x_1], \ldots, x_j = R_j^-[x_{j-1}], \ldots\ \mathtt{in}\ R^-[x_j])$,
where $t = (\mathtt{letrec}\ x_1 = t_1, \ldots\ \mathtt{in}\ R^-[x_j])$, $R_1^-[\cdot]$ is
maximal for $t_1$, and the number $j$ is maximal.

For example the maximal reduction context of
$(\mathtt{letrec}\ x_2 = \lambda x.x, x_1 = x_2\ x_1\ \mathtt{in}\ x_1)$ is
$(\mathtt{letrec}\ x_2 = [\,], x_1 = x_2\ x_1\ \mathtt{in}\ x_1)$, in contrast to the
non-maximal reduction context
$(\mathtt{letrec}\ x_2 = \lambda x.x, x_1 = x_2\ x_1\ \mathtt{in}\ [\,])$.



The (call-by-need) reduction rules defined in 2.2 follow the principle of minimiz- 
ing copying at the cost of perhaps following several indirections. This holds for 
the copy rule (cpn) as well as (case). The technical reason is that this principle 
assures well-behaved reduction diagrams. 

Definition 2.2. The reduction rules are defined below in Figure 1. If the context
is important, then we denote it as a label of the reduction or state it explicitly.
Note that for (case), the typical example is written down, where the position
of the case is left open. There are two variants, one where the case is in the
in-expression, and one where the case-expression is in the right hand side of
a binding. An exceptional case, where perhaps a letrec-expression has to be
omitted, is the case of a constructor with zero arguments like (case Nil ...).

The union of (ndl), (ndr) is called (nd). Reductions are denoted using an arrow
with super and/or subscripts: e.g. $\xrightarrow{llet}$. Transitive closure is
denoted by a +, reflexive transitive closure by a *. E.g. $\xrightarrow{*}$ is the
reflexive, transitive closure of $\to$.
As a short comment on the reduction rules:
As a short comment of the reduction rules: 

— (lbeta) is a sharing version of beta-reduction 

— (cpn) is a lazy version of the replacement done by usual beta-reduction, 
where the copy may jump over several indirections. 

— (case) is the generalized if for case analysis of values. To find the value to 
be analyzed, it has to be virtually assembled by following the bindings. 

— (llet), (lapp), (lcase) are used to adjust the let-environments

— (nd) is the non-deterministic (erratic) choice. 

The next definition is intended to formalize the standard reduction. The idea is 
to find the reduction that is outermost, in a reduction context and also necessary 
for making progress in the evaluation. 

Definition 2.3. Let $t$ be an expression. Let $R$ be the maximal reduction
context such that $t = R[t']$ for some $t'$. The standard redex and the
corresponding standard reduction $\xrightarrow{st}$ is defined by one of the
following cases:

— $t'$ is a choice-expression: then use (ndr) or (ndl).

— $R = (\mathtt{letrec}\ x_1 = t_1, \ldots, x_n = t_n\ \mathtt{in}\ [\,])$, and $t'$ is a
letrec-expression. Then apply (llet) to $R[t']$.

— $R = R_0[([\,]\ t'')]$ where $R_0$ is a reduction context. If $t'$ is a
letrec-expression, then use (lapp) in context $R_0$; if $t'$ is an abstraction,
then use (lbeta) in context $R_0$.

— $R = R_0[\mathtt{case}_A\ [\,]\ alts]$.
If $t'$ is a letrec-expression, then use (lcase) in context $R_0$;
if $t'$ is a saturated constructor application, then use (case) in context
$R_0$, if it is applicable.

— $R = (\mathtt{letrec}\ x_1 = [\,], x_2 = x_1, \ldots, x_j = x_{j-1}, \ldots\ \mathtt{in}\ R_1^-[x_j])$
where $R_1^-$ is a weak reduction context.
If $t'$ is an abstraction, then use (cpn) as follows:
$(\mathtt{letrec}\ x_1 = t', x_2 = x_1, \ldots, x_j = x_{j-1}, \ldots\ \mathtt{in}\ R_1^-[x_j]) \to (\mathtt{letrec}\ x_1 = t', x_2 = x_1, \ldots, x_j = x_{j-1}, \ldots\ \mathtt{in}\ R_1^-[t'])$.
If $t'$ is a letrec-expression, then use (llet), (lcase), or (lapp) to flatten
the letrec-expression $t'$ into its superexpression.
If $t'$ is a constructor application, and (case) is applicable to a
case-expression in a reduction context, then apply this (case)-reduction.

— $R = (\mathtt{letrec}\ x_1 = [\,], x_2 = x_1, \ldots, x_j = x_{j-1}, x_{j+1} = R_{j+1}^-[x_j], \ldots\ \mathtt{in}\ R^-[x_k])$
where $R_{j+1}^-, R^-$ are weak reduction contexts.
If $t'$ is an abstraction, then use (cpn) such that the result is:
$(\mathtt{letrec}\ x_1 = t', x_2 = x_1, \ldots, x_j = x_{j-1}, x_{j+1} = R_{j+1}^-[t'], \ldots\ \mathtt{in}\ R^-[x_k])$.
If $t'$ is a letrec-expression, then use (llet), (lcase), or (lapp) to flatten
the letrec-expression $t'$ into its superexpression.
If $t'$ is a constructor application, and (case) is applicable to a
case-expression in a reduction context, then apply this (case)-reduction.

Lemma 2.4. For every term t: if t has a standard redex, then this redex is 
unique. If the standard reduction is not an (nd), then the standard reduction is 
also unique. 



Definition 2.5. A standard reduction
$s \xrightarrow{st} s_1 \xrightarrow{st} s_2 \ldots s_n \xrightarrow{st} t$ has
nd-count $D$, iff $D$ is the number of (nd)-reductions in it.

Note that we use the notion standard reduction also for non-maximal reductions. 

Definition 2.6. For a term $t$ and an nd-count $D$, $t{\Downarrow}_D$ holds if there is
some standard-reduction starting with $t$, and the reduction has nd-count $D$.

Note that a standard reduction for an nd-count D is in general not unique. Note 
also that there may be expressions without a standard redex. 

Definition 2.7. (contextual preorder and equivalence) Let $s, t$ be terms. We
define:

$s \le_c t$ iff $\forall C[\,].\forall D: C[s]{\Downarrow}_D \Rightarrow (\exists B. D \le B \wedge C[t]{\Downarrow}_B)$

$s \sim_c t$ iff $s \le_c t \wedge t \le_c s$

Note that we permit contexts such that $C[s]$ is an open term.

Proposition 2.8. $\le_c$ is a preordering and $\sim_c$ is an equivalence relation.

$s \le_c t$ implies that $C[s] \le_c C[t]$ for all contexts $C[\cdot]$. I.e., $\le_c$ is a
precongruence on the set of expressions.

$s \sim_c t$ implies that $C[s] \sim_c C[t]$ for all contexts $C[\cdot]$. I.e., $\sim_c$ is a
congruence on the set of expressions.

Note that there are terms $t$ without a standard redex, i.e. the standard reduction
stops. The reasons could be classified as i) type-error like
$(\mathtt{case}_A\ (\lambda x.x) \ldots)$, ii) a kind of non-termination like
$(\mathtt{letrec}\ x = x\ \mathtt{in}\ x)$, iii) as a value or a kind of normal form
like (Cons True Nil) or $\lambda x.x$.

The following lemma shows that it is sufficient to use reduction contexts for
checking contextual approximation.

Lemma 2.9. (Context Lemma) Let $s, t$ be terms. If for all reduction contexts
$R$ and all nd-counts $D$: $R[s]{\Downarrow}_D \Rightarrow (\exists B. D \le B \wedge R[t]{\Downarrow}_B)$, then $s \le_c t$.

Proof. We prove the more general claim:

if for all $i$: $s_i, t_i$ satisfy the conditions of the lemma for reduction
contexts, then for all multicontexts $C[\cdot_1, \ldots, \cdot_n]$:
$C[s_1, \ldots, s_n]{\Downarrow}_D \Rightarrow (\exists B. D \le B \wedge C[t_1, \ldots, t_n]{\Downarrow}_B)$.

Assume this is false. Then there is a multicontext $C$, an nd-count $D$, such that
$C[s_1, \ldots, s_n]{\Downarrow}_D$, and for all $B$ with $D \le B$:
$\neg\, C[t_1, \ldots, t_n]{\Downarrow}_B$.
We select a multicontext $C$, terms $s_i, t_i$, and an nd-count $D$, and a
corresponding reduction, such that the counterexample is minimal w.r.t. the
following lexicographic ordering: i) the number of reduction steps of
$C[s_1, \ldots, s_n]$, ii) the number of holes of $C[\ldots]$.

The search for a standard redex is performed top-down. There are two cases:

1. The search for the reduction context inspects the term in a hole. Then we
can assume wlog that the first hole is inspected first. Hence
$C[\cdot, t_2, \ldots, t_n]$ is a reduction context. Let
$C' := C[s_1, \cdot_2, \ldots, \cdot_n]$. Since $C'[s_2, \ldots, s_n] = C[s_1, \ldots, s_n]$,
we can select the same standard reduction for nd-count $D$.
Since the number of holes of $C'$ is smaller than the number of holes in $C$, we
obtain some $B \ge D$ with $C'[t_2, \ldots, t_n]{\Downarrow}_B$, which means
$C[s_1, t_2, \ldots, t_n]{\Downarrow}_B$.
Since $C[\cdot, t_2, \ldots, t_n]$ is a reduction context, the preconditions of the
lemma imply that there is some $B' \ge B$ with $C[t_1, t_2, \ldots, t_n]{\Downarrow}_{B'}$,
a contradiction.

2. The search for the reduction context does not inspect any hole of $C$. Then
$C[s_1, \ldots, s_n]$ as well as $C[t_1, \ldots, t_n]$ can be reduced using the same
standard reduction, since the search for a standard redex takes place only in
the outer context $C[\ldots]$. There are two cases for a reduction:

If the reduction $C[s_1, \ldots, s_n] \xrightarrow{st} s'$ is not (nd), then this may
result in $C'[\ldots]$ with more holes, and the holes are filled with copies of
$s_i, t_i$. Then we get a smaller counterexample since the number of reduction
steps is smaller, and since non-(nd) standard reductions are unique.

If the reduction $C[s_1, \ldots, s_n] \xrightarrow{st} s'$ is an (ndl) (or (ndr),
respectively), then the reduction of $s'$ has nd-count $D' = D - 1$. We make the
corresponding reduction: $C[t_1, \ldots, t_n] \xrightarrow{st,ndl} t'$. This is a
smaller counterexample; hence we get a contradiction also in this case.

Definition 2.10. A program transformation is a relation $T$ between programs
(expressions). A program transformation $T$ is called correct, iff for all
expressions $P, P'$: $P\ T\ P'$ implies $P \sim_c P'$.

The reduction rules in Definition 2.2 define corresponding program
transformations if they are allowed in arbitrary contexts.

Definition 2.11. Let an internal reduction be a non-standard reduction that 
takes place within a reduction context. Usually, this is denoted by the label i on 
the reduction arrow. 

We define complete sets of commuting and forking diagrams adapted from
[Kut99, Kut00]. In the following definition we use a notation for rewrite rules
on reduction sequences, for example
$\xrightarrow{i,llet} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a} \cdot \xrightarrow{i,llet}$,
where $a$ is a reduction type. The $\cdot$ on the left hand side is like a joker,
and the $\cdot$ on the right hand side can be seen as an existentially quantified
term.

Definition 2.12. Assume given a reduction type (red) and a set of (complemen- 
tary) reduction types T, where the base calculus reduction types are contained in 
T, as well as (red). 

A complete set of commuting diagrams for a reduction (red) is a set of rewrite
rules on reduction sequences of the form

$\xrightarrow{i,red} \cdot \xrightarrow{st,a_1} \cdots \xrightarrow{st,a_k} \;\leadsto\; \xrightarrow{st,b_1} \cdots \xrightarrow{st,b_m} \cdot \xrightarrow{i,c_1} \cdots \xrightarrow{i,c_h}$

where $c_i \in T$, such that for every reduction sequence
$s \xrightarrow{i,red} \cdot \xrightarrow{st,*} t$: Either it can be transformed using
one of the meta-reductions into another reduction sequence from $s$ to $t$, such
that at least $\xrightarrow{i,red}$ can be replaced. Or $\cdot \xrightarrow{st,*} t$
can be prolonged into a longer standard reduction sequence
$\cdot \xrightarrow{st,*} t \xrightarrow{st,+} t'$, such that it can be replaced as
above.

A complete set of forking diagrams for a reduction (red) is a set of rewrite
rules on reduction sequences of the form

$\xleftarrow{st,a_1} \cdots \xleftarrow{st,a_k} \cdot \xrightarrow{i,red} \;\leadsto\; \xrightarrow{i,c_1} \cdots \xrightarrow{i,c_h} \cdot \xleftarrow{st,b_1} \cdots \xleftarrow{st,b_m}$

where $c_i \in T$, such that: Either every reduction sequence
$s \xleftarrow{st,*} \cdot \xrightarrow{i,red} t$ can be transformed into another
reduction sequence between $s$ and $t$, such that at least $\xrightarrow{i,red}$ is
replaced. Or $s \xleftarrow{st,*} \cdot$ can be prolonged into a reduction sequence
$s' \xleftarrow{st,+} s \xleftarrow{st,*} \cdot$, such that it can be replaced as
above.

We also use reductions not in the base calculus as internal reductions. 
It is intended that the corresponding meta-rewriting on reduction sequences
terminates, which has to be proved for every such complete set. The complete
sets of commuting (forking) diagrams are not unique.

Note that in many cases, the forking diagrams can be derived from the
commuting diagrams.

Lemma 2.13. For every reduction that is not a (llet) or (cp)-reduction, i.e.,
$a \in \{(nd), (lbeta), (lapp), (lcase), (case)\}$, there are no internal reductions.
This means, every internal $a$-reduction with
$a \in \{(nd), (lbeta), (lapp), (lcase), (case)\}$ is a standard reduction.

Proof. By inspecting all the finitely many cases. 

Proposition 2.14. If $s \xrightarrow{a} t$, where
$a \in \{(lbeta), (lapp), (lcase), (case)\}$, then $s \sim_c t$.

I.e., all the program transformations defined by one of the reductions
$\{(lbeta), (lapp), (lcase), (case)\}$ are correct.

Proof. Let $s' \xrightarrow{a,[\,]} t'$ by an ($a$)-reduction on the surface with
$a \in \{(lbeta), (lapp), (lcase), (case)\}$.

We show $s' \le_c t'$ exploiting the context lemma. Let $R$ be a reduction context.
Then $R[s'] \xrightarrow{i,a} R[t']$ is not possible by Lemma 2.13. Then
$R[s'] \xrightarrow{st,a} R[t']$ by a unique standard reduction, hence if there is a
reduction for $R[s']$ with nd-count $D$, there is also one for $R[t']$ with
nd-count $D$. The context lemma now shows that $s' \le_c t'$.

To show $t' \le_c s'$ using the context lemma is similar: If there is a standard
reduction for $R[t']$ with nd-count $D$, there is also one for $R[s']$ with
nd-count $D$. The context lemma now shows that $t' \le_c s'$.

Hence we have shown $s' \sim_c t'$. Since $\sim_c$ is a congruence, we have also that
$C[s'] \sim_c C[t']$ for an arbitrary context $C$. Hence the proposition holds.



3 Correctness of the reduction (llet) 

The union of the reductions (llet), (lapp), (lcase) is denoted as (lll). The
reduction $lll^+$ means a reduction sequence consisting only of (lll)-reductions
of length at least 1. Accordingly $lll^*$ is defined as any number of
(lll)-reductions. $(i,llet)^{0 \lor 1}$ means no reduction or 1 reduction
$(i,llet)$. In the following two lemmas, $a$ stands for an arbitrary reduction.

Lemma 3.1. A complete set of commuting diagrams for (llet) is: 

$\xrightarrow{i,llet} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a} \cdot \xrightarrow{i,llet}$



(i,llet) 

> 


(st,a) 
■ > 


ii,llet) 


(st,Ul+ 



(si, a) (st,llet) 

> ■ > 

) (st,lll + ) (i,llet) 
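Lemma 3.2. A complete set of forking diagrams for (llet) is:

$\xleftarrow{st,a} \cdot \xrightarrow{i,llet} \;\leadsto\; \xrightarrow{i,llet} \cdot \xleftarrow{st,a}$

$\xleftarrow{st,llet} \cdot \xleftarrow{st,a} \cdot \xrightarrow{i,llet} \;\leadsto\; \xleftarrow{st,a}$

$\xleftarrow{st,lll^+} \cdot \xrightarrow{i,llet} \;\leadsto\; \xrightarrow{i,llet} \cdot \xleftarrow{st,lll^+}$

$\xleftarrow{st,lll^+} \cdot \xrightarrow{i,llet} \;\leadsto\; \xleftarrow{st,lll^+}$

Proposition 3.3. If $s \xrightarrow{i,llet} t$, then $s \sim_c t$.

I.e. (llet) is a correct program transformation in any context.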

Proof. First we assume that the reduction is on top level.

To use the context lemma, we have to show what happens in a reduction context.
I.e. assume that $s = R[s']$ and $s'$ is the llet-redex.

Using the forking diagrams, it is possible to construct from a standard reduction
of $s$ a standard reduction of $t$ with the same nd-count. The context lemma then
shows that $s \le_c t$.

Using the commuting diagrams, it is possible to construct from a standard
reduction of $t$ a standard reduction of $s$ with the same nd-count by shifting
the $\xrightarrow{i,llet}$ to the right. The context lemma then shows that
$t \le_c s$.

Together, this means $s \sim_c t$.

Finally, the congruence property of $\sim_c$ implies that a (llet) can be applied
everywhere in a term. □



4 Garbage Collection: ldel 

Garbage collection in the calculus has two forms, a non-cyclic one, and the other
one that also collects cyclic references.

The noncyclic reduction (ldel) is defined as:

(ldel) $(\mathtt{letrec}\ x = s\ \mathtt{in}\ t) \to t$ if $x$ does not occur in $t$

(ldel) $(\mathtt{letrec}\ x = s, E\ \mathtt{in}\ t) \to (\mathtt{letrec}\ E\ \mathtt{in}\ t)$ if $x$ does not occur in $t, E$

The cyclic reduction (ldelcyc) consisting of (ldelcyc1), (ldelcyc2) is defined as:

(ldelcyc1) $(\mathtt{letrec}\ x_1 = s_1, \ldots, x_m = s_m\ \mathtt{in}\ t) \to (\mathtt{letrec}\ x_j = s_j, \ldots, x_m = s_m\ \mathtt{in}\ t)$
if $x_i$ for $1 \le i \le j - 1$ does not occur in $s_j, \ldots, s_m, t$ and $m > 1$

(ldelcyc2) $(\mathtt{letrec}\ x_1 = s_1, \ldots, x_m = s_m\ \mathtt{in}\ t) \to t$
if $x_i$ for $1 \le i \le m$ does not occur in $t$

Here we show the correctness of (ldel).

Lemma 4.1. A complete set of commuting diagrams for (ldel) is:

$\xrightarrow{ldel} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a} \cdot \xrightarrow{ldel}$

$\xrightarrow{ldel} \;\leadsto\; \xrightarrow{st,lll^+} \cdot \xrightarrow{ldel}$

$\xrightarrow{ldel} \cdot \xrightarrow{st,lll^+} \;\leadsto\; \xrightarrow{st,lll^*} \cdot \xrightarrow{ldel}$

As an example for computing commuting diagrams, we show one case: We write
\ instead of $\lambda$.

Example 4.2. We compute the overlap of an (ldel)-redex and a standard
(lapp)-redex. If the overlap is trivial, then it is not hard to see that the
reductions commute, including the property "standard".

In the case of a proper overlap, the redex and the corresponding reduction is as
follows:

((letrec x = c in \y.y) d) $\xrightarrow{ldel}$ (\y.y d)

On the other hand, if first the (lapp) rule is applied, then:

((letrec x = c in \y.y) d) $\xrightarrow{st,lapp}$ (letrec x = c in (\y.y d))
$\xrightarrow{ldel}$ (\y.y d)

This is covered by the rule
$\xrightarrow{ldel} \;\leadsto\; \xrightarrow{st,lll^+} \cdot \xrightarrow{ldel}$.



Lemma 4.3. A complete set of forking diagrams for (ldel) is:

$\xleftarrow{st,a} \cdot \xrightarrow{ldel} \;\leadsto\; \xrightarrow{ldel} \cdot \xleftarrow{st,a}$

$\xleftarrow{st,lll^+} \cdot \xrightarrow{ldel} \;\leadsto\; \xrightarrow{ldel}$

$\xleftarrow{st,lll^+} \cdot \xrightarrow{ldel} \;\leadsto\; \xrightarrow{ldel} \cdot \xleftarrow{st,lll^*}$

Lemma 4.4. There are no infinite (lll)-reductions.

Proof. This can be shown by a natural-number valuation of expressions similar
to the one in [Kut00], which is strictly decreasing in every reduction step. □

Proposition 4.5. If $s \xrightarrow{ldel} t$, then $s \sim_c t$.

Proof. (sketch)
Follows by induction on the length of reductions from the context lemma, and
since there are no infinite (lll)-reduction sequences. □

5 Copying variables 

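This section contains the reduction (lcv) which is like compressing references
used in letrecs. It can also be described as removing indirections.

(lcv) $(\mathtt{letrec}\ x = y, E\ \mathtt{in}\ C[x]) \to (\mathtt{letrec}\ x = y, E\ \mathtt{in}\ C[y])$

(lcv) $(\mathtt{letrec}\ x_1 = y, x_2 = C[x_1], E\ \mathtt{in}\ t) \to (\mathtt{letrec}\ x_1 = y, x_2 = C[y], E\ \mathtt{in}\ t)$

Lemma 5.1. A complete set of commuting diagrams for (lcv) is:

$\xrightarrow{lcv} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a} \cdot \xrightarrow{lcv}$

$\xrightarrow{lcv} \cdot \xrightarrow{st,cpn} \;\leadsto\; \xrightarrow{st,cpn} \cdot \xrightarrow{lcv} \cdot \xrightarrow{lcv}$

$\xrightarrow{lcv} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a}$, where $a \in \{case, cpn, ndr, ndl\}$.

Lemma 5.2. A complete set of forking diagrams for (lcv) is:

$\xleftarrow{st,a} \cdot \xrightarrow{lcv} \;\leadsto\; \xrightarrow{lcv} \cdot \xleftarrow{st,a}$

$\xleftarrow{st,cpn} \cdot \xrightarrow{lcv} \;\leadsto\; \xrightarrow{lcv} \cdot \xrightarrow{lcv} \cdot \xleftarrow{st,cpn}$

$\xleftarrow{st,a} \cdot \xrightarrow{lcv} \;\leadsto\; \xleftarrow{st,a}$ for $a \in \{cp, case, ndl, ndr\}$.

Proposition 5.3. If $s \xrightarrow{lcv} t$, then $s \sim_c t$.

I.e., (lcv) is a correct program transformation in any context.

The proof uses the context lemma, and the complete set of commuting and
forking diagrams to meta-reduce reduction sequences.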

6 Contextual equivalence of copy reductions 

The required diagrams and the proof of correctness of non-standard copy
reductions are complex. Only the complete set of commuting diagrams is
presented. For this rule we require a special class of contexts, surface
contexts. Surface contexts define expressions with holes not in the body of an
abstraction.

Definition 6.1.

$$\begin{array}{rcl}
S & ::= & [\,] \mid (S\ E) \mid (E\ S) \mid (\mathtt{case}_A\ S\ alts) \mid (\mathtt{case}_A\ E \ldots (p \to S) \ldots) \\
  & \mid & (\mathtt{choice}\ E\ S) \mid (\mathtt{choice}\ S\ E) \\
  & \mid & (\mathtt{letrec}\ \ldots\ \mathtt{in}\ S) \mid (\mathtt{letrec}\ \ldots, x_i = S, \ldots\ \mathtt{in}\ E)
\end{array}$$

where $E$ stands for an expression. $S$ is called surface context.

We consider the following atomic copy reductions:

(cp) $(\mathtt{letrec}\ x_1 = s_1, \ldots, x_n = s_n\ \mathtt{in}\ C[x_1]) \to (\mathtt{letrec}\ x_1 = s_1, \ldots, x_n = s_n\ \mathtt{in}\ C[s_1])$
where $s_1$ is an abstraction

(cp) $(\mathtt{letrec}\ x_1 = s_1, \ldots, x_n = s_n\ \mathtt{in}\ s) \to (\mathtt{letrec}\ x_1 = s_1, \ldots, x_j = C[s_1], \ldots, x_n = s_n\ \mathtt{in}\ s)$
where $s_1$ is an abstraction and where $s_j = C[x_1]$

We distinguish the (cp)-reduction into two subreductions: If the target
occurrence of the variable is in a surface context, then (cpt), otherwise it is
a (cpd). Equivalently, it is a (cpd) iff the target variable is within an
abstraction. Thus
$(\mathtt{letrec}\ x = s, E\ \mathtt{in}\ D[\lambda z.C[x]]) \to (\mathtt{letrec}\ x = s, E\ \mathtt{in}\ D[\lambda z.C[s]])$
is a reduction of type (cpd).

Lemma 6.2. A complete set of commuting diagrams for (cpt), (cpd) is:



,cpt) (st.a) (st,a) ({i,st},cpt) 

(st.a) (st,a) 

— ► ~> — > , where a £ {case, ndr, ndl {. 

(st,a) (st,a) (i,cpd) 



,cpt) 

,cpd) 
,cpd) 
,cpd) 

,cpd) 



(st : cpn) (st.cpn) (i,cpd) (i,cpd) 

(st.a) (st,a) 

— ► ~> — ► , where a £ {case, ndr, ndl { . 



(st.lbeta) 



(st,lbeta) ({i,st},cpt) 



This is sufficient to show that the (cp)-reductions retain contextual equivalence 
by a meta-reduction on reduction sequences. 



Proposition 6.3. If $s \xrightarrow{cp} t$, then $s \sim_c t$.

I.e., (cp) is a correct program transformation in any context.
In summary, we can prove:

Theorem 6.4. All the reductions of the base calculus with the exception of
(ndr), (ndl) are correct program transformations.

It is obvious that (ndr), (ndl) are not correct as program transformations,
since (choice True False) may reduce to True, but True is not equivalent
to (choice True False).



7 Unique Copy: Inlining 

If a letrec-bound variable occurs only once, then it is possible to replace this
variable by the bound expression and to remove the binding:

(ucp) $(\mathtt{letrec}\ x = s, E\ \mathtt{in}\ C[x]) \to (\mathtt{letrec}\ E\ \mathtt{in}\ C[s])$,
where $C[\,]$ is a surface context, $s$ arbitrary, $x$ has exactly one occurrence
in $C[x]$ and no occurrence in $E$ nor in $s$.

(ucp) $(\mathtt{letrec}\ x = s\ \mathtt{in}\ C[x]) \to C[s]$, where $C[\,]$ is a surface
context, $s$ arbitrary, and $x$ has exactly one occurrence in $C[x]$ and no
occurrence in $s$.

(ucp) $(\mathtt{letrec}\ x = s, y = C[x], E\ \mathtt{in}\ t) \to (\mathtt{letrec}\ y = C[s], E\ \mathtt{in}\ t)$,
where $C[\,]$ is a surface context, $s$ arbitrary, $x$ has exactly one occurrence
in $C[x]$ and no occurrence in $E$, $s$ and $t$.

Note that if $s$ is an abstraction, then the rule is a combination of (cp) and (ldel).
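
The side conditions of (ucp), the sharing built into (lbeta), and the remark after Theorem 6.4 can be checked on small terms with the following added Python example, which is not part of the paper: a simplified thunk-based evaluator (not the standard reduction of Definition 2.3) that enumerates every result a term can produce over all choice decisions. Assumptions: the tuple encoding of terms and all names are hypothetical, terms terminate, and result sets stand in for the paper's convergence with nd-count.

```python
# Added illustration (not from the paper): terms are nested tuples, and every
# name below (run, outcomes, COIN, ...) is an assumption of this example.

class NeedBit(Exception):
    """A run asked for more choice decisions than the oracle prefix holds."""

class Thunk:
    """A delayed expression together with the environment it was bound in."""
    def __init__(self, expr, env):
        self.expr, self.env, self.value = expr, env, None

def run(term, bits, share):
    """Evaluate term to a printable normal form; the k-th choice takes bits[k].
    share=True caches thunk values (call-by-need, as with letrec sharing);
    share=False re-evaluates them on every use (copying the expression)."""
    pos = 0

    def force(th):
        if share and th.value is not None:
            return th.value
        v = whnf(th.expr, th.env)
        if share:
            th.value = v
        return v

    def whnf(e, env):
        nonlocal pos
        tag = e[0]
        if tag == "var":
            return force(env[e[1]])
        if tag == "lam":
            return ("clo", e[1], e[2], env)
        if tag == "app":                     # like (lbeta): bind, do not substitute
            f = whnf(e[1], env)
            if f[0] != "clo":
                raise TypeError("only abstractions can be applied")
            return whnf(f[2], {**f[3], f[1]: Thunk(e[2], env)})
        if tag == "choice":                  # (ndl) on bit 0, (ndr) on bit 1
            if pos == len(bits):
                raise NeedBit
            pos += 1
            return whnf(e[1] if bits[pos - 1] == 0 else e[2], env)
        if tag == "con":                     # saturated constructor application
            return ("val", e[1], [Thunk(a, env) for a in e[2]])
        if tag == "letrec":
            new = dict(env)
            for x, rhs in e[1].items():
                new[x] = Thunk(rhs, new)     # recursive scope: rhs sees all bindings
            return whnf(e[2], new)
        raise ValueError(tag)

    def show(v):
        if v[0] == "clo":
            return "<fun>"
        args = [show(force(t)) for t in v[2]]
        return v[1] if not args else "(%s %s)" % (v[1], " ".join(args))

    return show(whnf(term, {}))

def outcomes(term, share=True):
    """Set of all results, found by extending the oracle prefix on demand."""
    results, stack = set(), [()]
    while stack:
        prefix = stack.pop()
        try:
            results.add(run(term, prefix, share))
        except NeedBit:
            stack.extend([prefix + (0,), prefix + (1,)])
    return results

# Constructed sample terms.
def V(x): return ("var", x)
def app(f, a): return ("app", f, a)
def pair(a, b): return ("con", "Pair", [a, b])
TRUE, FALSE, NIL = ("con", "True", []), ("con", "False", []), ("con", "Nil", [])
COIN = ("choice", TRUE, FALSE)

# (\x. Pair x x) (choice True False): sharing keeps both components equal.
BETA = app(("lam", "x", pair(V("x"), V("x"))), COIN)

# (ucp) with its side conditions met: one occurrence of x, in a surface context.
UCP_BEFORE = ("letrec", {"x": COIN}, pair(V("x"), TRUE))
UCP_AFTER = pair(COIN, TRUE)

# One occurrence of x, but inside an abstraction: not a surface context.
UNDER_LAMBDA = ("letrec", {"x": COIN, "f": ("lam", "y", V("x"))},
                pair(app(V("f"), NIL), app(V("f"), NIL)))
INLINED_UNDER_LAMBDA = ("letrec", {"f": ("lam", "y", COIN)},
                        pair(app(V("f"), NIL), app(V("f"), NIL)))

if __name__ == "__main__":
    for name in ("BETA", "UCP_BEFORE", "UCP_AFTER",
                 "UNDER_LAMBDA", "INLINED_UNDER_LAMBDA"):
        print(name, sorted(outcomes(globals()[name])))
```

Inlining under the abstraction lets every call of f make its own choice, so the mixed pairs appear; this is the duplication that the surface-context condition of (ucp) rules out.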

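Lemma 7.1. A complete set of commuting diagrams for (ucp) is:

$\xrightarrow{ucp} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a} \cdot \xrightarrow{ucp}$

$\xrightarrow{ucp} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a} \cdot \xrightarrow{ldel}$ for $a \in \{case, ndr, ndl, cpn\}$

$\xrightarrow{ucp} \cdot \xrightarrow{st,a} \;\leadsto\; \xrightarrow{st,a}$ for $a \in \{case, ndr, ndl\}$

$\xrightarrow{ucp} \cdot \xrightarrow{st,lll^*} \;\leadsto\; \xrightarrow{st,lll^*} \cdot \xrightarrow{ucp}$,
where the extreme case $\xrightarrow{ucp} \;\leadsto\; \xrightarrow{ucp}$ is excluded.

$\xrightarrow{ucp} \;\leadsto\; \xrightarrow{st,cpn} \cdot \xrightarrow{ldel}$

Proposition 7.2. If $s \xrightarrow{ucp} t$, then $s \sim_c t$.

I.e., (ucp) is a correct program transformation in any context.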

8 Conclusion 

The rewriting based method of computing complete sets of commuting (resp. 
forking) diagrams to prove program transformations to be correct is demon- 
strated to be successful. We are able to show that all deterministic reduction 
rules in the rather complex lambda calculus $\lambda_{ndlr}$ and also some other rules are
correct. A general automatic method to compute diagrams by checking all non- 
trivial overlaps would be a valuable tool and deserves further research efforts. 

(lbeta) $((\lambda x.s)\ t) \to (\mathtt{letrec}\ x = t\ \mathtt{in}\ s)$

(cpn) $(\mathtt{letrec}\ x_1 = s_1, x_2 = x_1, \ldots, x_j = x_{j-1}, x_{j+1} = s_{j+1}, \ldots\ \mathtt{in}\ C[x_j])$
$\to (\mathtt{letrec}\ x_1 = s_1, x_2 = x_1, \ldots, x_j = x_{j-1}, x_{j+1} = s_{j+1}, \ldots\ \mathtt{in}\ C[s_1])$
where $s_1$ is an abstraction

(cpn) $(\mathtt{letrec}\ x_1 = s_1, x_2 = x_1, \ldots, x_j = x_{j-1}, x_{j+1} = C[x_j], \ldots\ \mathtt{in}\ s)$
$\to (\mathtt{letrec}\ x_1 = s_1, x_2 = x_1, \ldots, x_j = x_{j-1}, x_{j+1} = C[s_1], \ldots\ \mathtt{in}\ s)$
where $s_1$ is an abstraction

(llet) $(\mathtt{letrec}\ x_1 = s_1, \ldots, x_n = s_n\ \mathtt{in}\ (\mathtt{letrec}\ y_1 = t_1, \ldots, y_m = t_m\ \mathtt{in}\ r))$
$\to (\mathtt{letrec}\ x_1 = s_1, \ldots, x_n = s_n, y_1 = t_1, \ldots, y_m = t_m\ \mathtt{in}\ r)$

(llet) $(\mathtt{letrec}\ x_1 = s_1, \ldots, x_i = (\mathtt{letrec}\ y_1 = t_1, \ldots, y_m = t_m\ \mathtt{in}\ s_i), \ldots, x_n = s_n\ \mathtt{in}\ r)$
$\to (\mathtt{letrec}\ x_1 = s_1, \ldots, x_n = s_n, y_1 = t_1, \ldots, y_m = t_m\ \mathtt{in}\ r)$

(lapp) $((\mathtt{letrec}\ x_i = t_i\ \mathtt{in}\ t)\ s) \to (\mathtt{letrec}\ x_i = t_i\ \mathtt{in}\ (t\ s))$

(lcase) $(\mathtt{case}_A\ (\mathtt{letrec}\ E\ \mathtt{in}\ t)\ alts) \to (\mathtt{letrec}\ E\ \mathtt{in}\ \mathtt{case}_A\ t\ alts)$

(case) $(\mathtt{case}_A\ (c_{A,i}\ t_1 \ldots t_n) \ldots ((c_{A,i}\ y_1 \ldots y_n) \to t) \ldots)$
$\to (\mathtt{letrec}\ y_1 = t_1, \ldots, y_n = t_n\ \mathtt{in}\ t)$

(case)
$$\begin{array}{l}
(\mathtt{letrec}\ x_1 = (c_{A,i}\ t_1 \ldots t_{j_1}), \\
\quad x_2 = x_1\ t_{j_1+1} \ldots t_{j_2}, \\
\quad \ldots \\
\quad \mathtt{in}\ C[\mathtt{case}_A\ (x_m\ t_{j_m+1} \ldots t_{j_{m+1}}) \ldots ((c_{A,i}\ z_1 \ldots z_n) \to t)]) \\
\to \\
(\mathtt{letrec}\ x_1 = (c_{A,i}\ y_1 \ldots y_{j_1}),\ y_1 = t_1, \ldots, y_{j_1} = t_{j_1}, \\
\quad x_2 = x_1\ y_{j_1+1} \ldots y_{j_2},\ y_{j_1+1} = t_{j_1+1}, \ldots, y_{j_2} = t_{j_2}, \\
\quad \ldots \\
\quad x_m = x_{m-1}\ y_{j_{m-1}+1} \ldots y_{j_m},\ y_{j_{m-1}+1} = t_{j_{m-1}+1}, \ldots, y_{j_m} = t_{j_m} \\
\quad \mathtt{in}\ C[(\mathtt{letrec}\ y_{j_m+1} = t_{j_m+1}, \ldots, y_{j_{m+1}} = t_{j_{m+1}},\ z_1 = y_1, \ldots, z_n = y_n\ \mathtt{in}\ t)])
\end{array}$$
where $n = j_m$ and the case-expression may be in a bound or in the in-expression
and where $y_i$ are fresh variables

(ndl) $(\mathtt{choice}\ s\ t) \to s$
(ndr) $(\mathtt{choice}\ s\ t) \to t$

Fig. 1. Reduction rules of $\lambda_{ndlr}$